F-Secure Virus Descriptions : Haifa
This virus contains following text string:
HAIFA VIRUS V1.12
WRITTEN BY Y.S
GUEST STARS T.S. & I.F.
MADE IN ISRAEL
I AM TIRED. PLEASE WAKE ME UP ON TUE 12.4.3456
PRESS RESET TO CONTINUE...
The virus searches specifically for files with ASM, PAS, TXT and DOC
extensions (as well as COM and EXE).
ASM files have the first 76 bytes overwritten with a assembler routine
which is designed (when assembled) to overwrite the beginning of the first
hard drive with garbage.
PAS files have the first 23 bytes overwritten with the text:
CONST VIRUS= "HAIFA";
TXT and DOC files are corrupted by having text inserted at
approximate half-way point:
OOPS! Hope I didn't ruin anything!!!
Well, nobody reads those stupied DOCS anyway!
Although this virus has no stealth capability, it contains a self-modifying
encryption routine such that each infection appears differently on disks.
|
![](/images/pixel.gif"){kind=tracking}
